Taken together she deems these multi-stakeholder processes for regulation of PSCs the “self-regulation-plus” approach because of the involvement of not only industry, but also states and civil society organizations. However, MacLeod concludes, among other points, that this approach “is not the definitive solution.” In the end she feels that unless several cited issues with the current approach are adequately addressed “the likely effectiveness of the ICoC and ICoCA human rights model as applied through a standard such as PSC.1” remains an open question.

It is in the interest of all – the PSC industry itself, as well as the states, commercial enterprises, and NGOs that utilize PSCs – to have effective and universally accepted standards, certification, and oversight frameworks. MacLeod’s stated significant concerns (listed below with comments) with the new PSC regulatory mechanisms should be reviewed carefully and taken into consideration by each of the three member pillars of the ICoCA (states, industry, civil society) as well as by the commercial and NGO entities that utilize PSCs. The latter are not well represented in the state-client focused ICoCA.

State involvement and support. The ICoCA oversight mechanism must be perceived as strong and functional. In the United States, conformance with the PSC.1 standard is now required by the Department of Defense for all contracted private armed security overseas and the Department of State has recently stipulated in its largest protective services solicitation that each bidder must confirm compliance with the requirements set forth in PSC.1 (as well as demonstrate that it is a member in good standing with the ICoCA). In the United Kingdom, the Foreign Commonwealth Office has stipulated PSC.1 compliance for overseas contracted security services. MacLeod questions how the ICoCA, with its focus to the state clients of PSCs, can be extended to the other commercial and NGO clients of PSCs.

Ability to deal with non-certified and rogue PSCs. Furthermore, MacLeod queries how the ICoCA can contend with non-certified PSCs. She makes the case for states to weigh in to encourage PSC clients in the NGO and commercial sectors to use only ICoC compliant PSCs.

Scope of the certification. MacLeod recommends that clients of certified PSCs know the scope of their PSC’s certification. Is the company globally certified to the PSC.1 standard or is the scope of the certification limited to a specific operating unit or geography?

Auditor competence. MacLeod stresses that certifying auditors must be competent in human rights. The human rights elements in PSC.1 are significant and require the use of auditors with suitable expertise. Additionally, it can also be argued that it is essential that PSCs draw upon human rights expertise themselves if they are to fully and adequately develop, implement, and sustain the human rights components of the PSC.1 standard. Failing to sufficiently develop, implement, and sustain the human rights risk management provisions of the PSC.1 will be corrosive to the credibility of the PSC’s certification as well as a significant undermining factor in demonstrating their responsibility to respect human rights and prevent adverse impacts.

Human Rights Impact Assessments. MacLeod highlights the current lack of clarity on how a PSC should assess human rights risk and impacts and what tools they should use to do so. She is spot on here. While PSC.1 does not explicitly require PSCs to conduct human rights risk and impact assessment (HRRIA), human rights is a specified component of the risk assessment process. As part of the risk assessment process, PSCs have the opportunity to conduct an HRRIA to identify specific human rights risk exposure and develop the processes to address each risk. PSC.1 also requires the establishment of a complaint and grievance mechanisms with external stakeholders. An effective HRRIA conducted with the cooperation and involvement of the local impacted community can greatly facilitate this process. HRRIAs are an imperative part of the overall risk assessment process and should be conducted as part of every pre-deployment survey or advance party at the tactical and operational level. Like security, human rights risk mitigation is most effective when it is developed and integrated at the initial project planning stage and not implemented as a “bolt on” or reactionary activity.

Client awareness, education and training. This certainly requires a greater awareness effort and MacLeod rightfully argues that the effectiveness of PSC.1 certification will be dependent upon the extent to which all clients, government, commercial, and civil society, understand the certification process. The ICoCA, with its multi-stakeholder three-pillar approach, can, and undoubtedly will, be instrumental in this regard.

By identifying areas of perceived potential weakness with the multi-stakeholder process as it currently now stands, MacLeod goes a long way in spotlighting the specific areas that must be addressed in the short term if a credible and viable “self-regulation-plus” PSC industry regulatory mechanism is to continue for the long term.